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DETAILED ACTION 



1 . This action is responsive to amendments filed 8/3/2007. 

2. Claims 1 , 3-23, 25-37 are pending in the case. 

Response to Arguments 

3. Applicant's argument relative to allowability of the pending claims has been 
considered. Response to applicant's arguments is as follows: 

Rejection under section 112: 

Rejection under section 112 second paragraph is overcome by applicant's 
amendments. 

Applicant's argument with respect to rejection under section 112 first paragraph has 
been found non persuasive. Applicant points out to specification page 59 lines 12-15 
and page 60, line 16 to page 61, line 16 in support for the amendments. The cited parts 
provides support for at least three or more predetermined states, and for performing 
operations based on the state of the data record. However, the claimed invention 
requires commands to be executed based on the state. Therefore, the rejection under 
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section 112 first paragraph has not been overcome. Note that if applicant equates 
performing operations with executing commands, then the cited portions provide 
sufficient support for the claimed invention. 

Rejection under section 102(e): 

Applicant argues that Cordery shows only two states indicated by the data element, 
while the amended claims require at least three states shown by the data element. In 
view of this argument, a new grounds of rejection is presented. 

Applicant further argues that freshness data is not equivalent to a data element that 
determines what commands can be performs. Applicant argues: "According to Cordery, 
this freshness data is "data [not data record] that is unique for each transaction. " 
However, the claim requires a data element indicating the state of the data record. 
Therefore, the claimed language also requires "data" to be a representative of the state. 

Applicant further argues: " Moreover, "the meter box compares freshness data that is 
stored in meter box for each meter account to freshness data stored as part of the 
meter record. (Col. 9, lines 49-54 emphasis added.). In Cordery's system "if the 
compared freshness data are not identical [meaning the actual data content is being 
compared], then, at step 230, the meter box ends the transaction and alerts the 
Function Server 34 for possible tampering." (Col. 9, lines 59-62, emphasis added.). It is 
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clear from the above description that first, the freshness data of Cordery is not the same 
as the claimed "data element, " second, this freshness data does not and can not allow 
"only a predetermined type of commands,., to be executed on the data record [meter 
data, according to Cordery]." However, it is not clear how Comparing the freshness 
state of the record with the freshness data stored in the meter box shows that freshness 
data does not and can not allow only a predetermined type of commands to be 
executed. As shown in Fig. 4 and associated text, once the freshness data is verified 
many operations are performed, and if it is not verified, the transaction ends (no further 
operations performed). Therefore, Cordery's freshness state does determine if certain 
operations can be performed or not. 



Claim Rejections - 35 USC §112 



4. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 



5. Claims 1, 3-23 and 25-37 are rejected under 35 U.S.C. 112, first paragraph, as 
failing to comply with the written description requirement. The claim(s) contains subject 
matter, which was not described in the specification in such a way as to reasonably 
convey to one skilled in the relevant art that the inventor(s), at the time the application 
was filed, had possession of the claimed invention. Applicant has not identified portions 
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of specification in support of the new limitation: "wherein only a predetermined type of 
commands are allowed to be executed on the user transaction data record" and 
" executing one or more commands that are allowed for a present state of the user 
transaction data record." Applicant cited portions of the specification that supports 
controlling operations to be performed based on the state of the data record. Examiner 
notes that the amendments removed control of performing operations , and replaced it 
with control of execution of commands . The specification does not support execution of 
commands or any description that distinguishes execution of commands from 
performing operations. 



Claim Rejections - 35 USC § 103 



6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claim 1, 3-23 and 25-37 rejected under 35 U.S.C. 103(a) as being unpatentable 
over Cordery (US Patent No. 6,466,921, filed 6/12/1998), and further in view of Lewis 
(US Patent No. 6,233,565, filed 2/13/1998) 

7.1 . As per claims 1 and 22, Cordery is directed to a system and method for providing 
public key infrastructure security in a wide area computer network (Fig. 1 and abstract), 
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comprising: a user terminal (Fig. 1, item 20 and associated text) coupled to the 
computer network (Fig. 1); a user transaction data record assigned to a user (col. 8 
lines 17-24, the meter record is assigned to a user), wherein the user transaction data 
record includes a data element indicating three or more predetermined states for the 
user transaction data record, wherein only a predetermined type of commands are 
allowed to be executed on the user transaction data record for each predetermined 
state (Cordery's col. 8 lines 17-24 shows that the freshness of the data record is 
verified. Freshness describes two states of being fresh or not being fresh. Col. 4 lines 
34-43 or col. 9 lines 40-58 shows using freshness to determine whether a transaction 
can be performed or not. Note that implementing the freshness state of the data record 
inherently requires a data element to indicate the state. Cordery shows controlling 
operations based on two states, but does not show controlling operations based on 
three or more states. Lewis col. 23 line 64 to col. 25 line 60 shows controlling operations 
according to three or more states. At the time of invention, it would have been obvious 
to the one skilled in art to enhance Cordery's system according to teachings of Lewis, 
and perform operations control based on more than two states. The combination would 
have been obvious because Cordery and Lewis are analogous art, as they are both 
directed to security and control of Postal Secure Device (PSD) transactions (see Lewis 
col. 3 line 57 to 66 and Cordery col. 3 line 65 to col. 4 line 15) The motivation to do so 
would have been to improve flexibility and finer control of transactions); a private key, 
and a public key assigned to a user for authenticating the user transaction data record 
(col. 8 lines 17-24, where the Function Server verifies the signature of the meter record, 
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and therefore authenticating the meter (transaction data) record) when the user 
registers with the system using the user terminal (col. 6, line 49 to 56, note that Fig. 1 
item 38 and associated text shows how keys are generated. Also note that col. 10 line 
20-27 suggests use of public and private keys as an alternative); a database remote 
from the user terminal for securely storing the transaction data record in the user 
transaction data record assigned to the user (Fig. 1, item 36 and associated text. Note 
that per col. 6, line 36-44, all keys related to users and their accounts are stored in the 
database); and a cryptographic device remote from the user terminal and coupled to the 
computer network including a computer executable code (column 7 lines 7 to 17, and 
"boxes" as shown in Fig. 1 and associated text) for signing the data in the user 
transaction data record utilizing the stored private key in the database (col. 8, lines 25- 
29), and for executing one or more of commands that are allowed for the present state 
of the user transaction data record (Cordery teaches using freshness to determine 
whether a transaction can be performed or not (see for example col. 4 lines 34-43 or 
col. 9 lines 40-58)) . 

7.2. Claim 2 is cancelled. 

7.3. As per claim 3, Cordery is directed the system of claim 1 , wherein the private key 
is encrypted when it is stored in the database (column 8 lines 29 to 30). 



7.4. 



As per claim 4, Cordery is directed the system of claim 2, wherein a respective 
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security device transaction data related to the user is loaded into a cryptographic device 
when the user requests a service (col. 8 lines 8-28). 

7.5. As per claims 5-10, Cordery is directed the system of claim 1, wherein the 
cryptographic device is configured to authenticate the identity of the user and verify that 
the identified user is authorized to assume a role and perform a corresponding 
operation (Fig. 2, item 62 and associated text describes a mailer (user) database, that 
stores related information to the user. Col. 8, lines 14-18, describes user authentication. 
It is the general purpose of user authentication to determine user access rights and 
roles to allow the user to perform the activities corresponding to their role) 

7.6. As per claim 1 1 , Cordery is directed the system of claim 5, wherein the 
cryptographic device includes a computer executable code for supporting multiple 
concurrent users and maintaining a separation of roles and operations performed by 
each user (column 6, line 14-27, indicates multiple mailers (users) can connect to the 
system in the real-time). 

7.7. As per claim 12, Cordery is directed the system of claim 5, wherein the 
cryptographic device stores information about a number of last transactions in a 
respective internal register (disclosed by column 8 lines 19 to 25, where the data record 
freshness is verified). 
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7.8. As per claim 13, Cordery is directed the system of claim 12, wherein the 
database stores a table including the respective information about a last transaction a 
verification module to compare the information saved in the device with the information 
saved in the database (column 8 line 19 to line 25, also see col. 7, lines 27-50). 

7.9. As per claim 14, Cordery is directed the system of claim 1 further comprising a 
digital certificate stored in the database and assigned to a user when the user registers 
with the system (column 6 line 1-5, describes sending the indicium to the user with a 
token (digital certificate)). 

7.10. As per claim 15, Cordery is directed the system of claim 1 , wherein the 
cryptographic device is configured for digitally signing a certificate (see response to 
claim 14). 

7.11. As per claim 16, Cordery is directed the system of claim 1, wherein the 
cryptographic device is configured for encrypting data (see response to claim 1). 

7.12. As per claim 17, Cordery is directed the system of claim 1, wherein the 
cryptographic device is configured for decrypting data (see response to claim 1). 

7.13. As per claim 18, Cordery is directed the system of claim 1, wherein the database 
includes a user profile for the user (column 6 line 49 to 56). 
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7.14. As per claim 19, Cordery is directed to the system of claim 18, wherein the user 
profile includes username, password, account expiration, user role, logon failure count, 
logon failure limit, logon time-out limit, password expiration, and password period 
(column 6 lines 49-56). 

7.15. As per claim 20, Cordery is directed to system of claim 5, wherein the 
cryptographic device is capable of performing one or more of DES (clearly disclosed in 
column 8 line 42 to 60), Rivest, Shamir and Adleman (RSA) public key encryption, 
Triple-DES, DSA signature, SHA-1, and Pseudo-random number generation algorithms 
(which are comparable encryption algorithms to DES and an apparent choices to a 
person skilled in the art to use as alternative methods of encryption). 

7.21 . As per claim 21 , Cordery is directed to system of claim 5, wherein the 
cryptographic device stores information about a number of last transactions in an 
internal register and compares the information saved in the register with the information 
saved in a memory before loading a new transaction data (as mentioned in response to 
claim 12, record freshness is checked before the transaction is allowed). 

7.22. Limitations of claims 22-37 are substantially the same as limitations of claims 1- 
21 above. 
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Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Farid Homayounmehr whose telephone number is 571 
272 3739. The examiner can normally be reached on 9 hrs Mon-Fri, off Monday 
biweekly. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Gilberto 
Barron can be reached on (571) 272-3799. The fax phone number for the organization where this 
application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 



Center (EBC) at 866-217-9197 (toll-free). 
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